From 9338a9a5a0333e50e60aff2f25f93feb0433adf5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 12 Nov 2019 14:01:38 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2008/7xxx/CVE-2008-7220.json | 10 +++++
 2011/2xxx/CVE-2011-2897.json | 60 ++++++++++++++++++++++++++++--
 2011/2xxx/CVE-2011-2935.json | 60 ++++++++++++++++++++++++++++--
 2011/2xxx/CVE-2011-2936.json | 60 ++++++++++++++++++++++++++++--
 2011/3xxx/CVE-2011-3370.json | 60 ++++++++++++++++++++++++++++--
 2011/5xxx/CVE-2011-5271.json | 63 +++++++++++++++++++++++++++++++-
 2014/3xxx/CVE-2014-3599.json | 55 ++++++++++++++++++++++++++--
 2014/7xxx/CVE-2014-7143.json | 63 +++++++++++++++++++++++++++++++-
 2018/18xxx/CVE-2018-18819.json | 53 ++++++++++++++++++++++++++-
 2019/18xxx/CVE-2019-18658.json | 62 +++++++++++++++++++++++++++++++
 2019/18xxx/CVE-2019-18817.json | 67 ++++++++++++++++++++++++++++++++++
 2019/9xxx/CVE-2019-9900.json | 5 +++
 2019/9xxx/CVE-2019-9901.json | 5 +++
 13 files changed, 602 insertions(+), 21 deletions(-)
 create mode 100644 2019/18xxx/CVE-2019-18658.json
 create mode 100644 2019/18xxx/CVE-2019-18817.json
diff --git a/2008/7xxx/CVE-2008-7220.json b/2008/7xxx/CVE-2008-7220.json
index 044f4889a0b..8168b52d0c0 100644
--- a/2008/7xxx/CVE-2008-7220.json
+++ b/2008/7xxx/CVE-2008-7220.json
@@ -141,6 +141,16 @@
 "refsource": "MLIST",
 "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3610) Update lib prototype.js: 1.4.0_pre4 due to security vulnerability",
 "url": "https://lists.apache.org/thread.html/6d1b9a75a004dab42c81e8aa149d90e6fd26ce8cd6d71295e565e366@%3Cissues.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-issues] 20191112 [jira] [Created] (ZOOKEEPER-3612) CLONE - Update lib prototype.js: 1.4.0_pre4 due to security vulnerability",
+ "url": "https://lists.apache.org/thread.html/2ad48cd9d47edd0e677082eb869115809473a117e1e30b52fb511590@%3Cissues.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-dev] 20191112 [jira] [Created] (ZOOKEEPER-3612) CLONE - Update lib prototype.js: 1.4.0_pre4 due to security vulnerability",
+ "url": "https://lists.apache.org/thread.html/769fcc5f331b61c4d7ce16b807678e9a1799628d0146322e14aa24ed@%3Cdev.zookeeper.apache.org%3E"
 }
 ]
 }
diff --git a/2011/2xxx/CVE-2011-2897.json b/2011/2xxx/CVE-2011-2897.json
index d7fb7438050..c420710c03d 100644
--- a/2011/2xxx/CVE-2011-2897.json
+++ b/2011/2xxx/CVE-2011-2897.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2011-2897",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "gdk-pixbuf",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "gdk-pixbuf",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "through 2.31.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "GIF loader buffer overflow when initializing decompression tables"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2011-2897",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2011-2897"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2897",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2897"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2011-2897",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/cve-2011-2897"
 }
 ]
 }
diff --git a/2011/2xxx/CVE-2011-2935.json b/2011/2xxx/CVE-2011-2935.json
index fec742fde47..b8458112a6a 100644
--- a/2011/2xxx/CVE-2011-2935.json
+++ b/2011/2xxx/CVE-2011-2935.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2011-2935",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Elgg",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Elgg",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "through 1.7.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Elgg through 1.7.10 has XSS"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "unspecified"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "DEBIAN",
+ "name": "Debian",
+ "url": "https://security-tracker.debian.org/tracker/CVE-2011-2935"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "Red Hat",
+ "url": "https://access.redhat.com/security/cve/cve-2011-2935"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities",
+ "url": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities"
 }
 ]
 }
diff --git a/2011/2xxx/CVE-2011-2936.json b/2011/2xxx/CVE-2011-2936.json
index 3993dd6c30f..36bbd3203f4 100644
--- a/2011/2xxx/CVE-2011-2936.json
+++ b/2011/2xxx/CVE-2011-2936.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2011-2936",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Elgg",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Elgg",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "through 1.7.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
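Review bot: The `problemtype` value added for CVE-2011-2935 is `"unspecified"` even though the description added a few lines above it says the issue is XSS, so anything that groups or filters records by the structured weakness field rather than the free text will not find this record under cross-site scripting. The same gap is in the second hunks of CVE-2011-2936 (description says SQL injection) and CVE-2011-3370 (description says XSS). I would set the value to the weakness class the description already states, for example `"value": "CWE-79: Cross-site Scripting"` here and `"value": "CWE-89: SQL Injection"` for CVE-2011-2936.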
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Elgg through 1.7.10 has a SQL injection vulnerability"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "unspecified"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities",
+ "url": "https://oss-security.openwall.narkive.com/1UH3NYx8/cve-request-elgg-1-7-10-multiple-vulnerabilities"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "Debian",
+ "url": "https://security-tracker.debian.org/tracker/CVE-2011-2936"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "Red Hat",
+ "url": "https://access.redhat.com/security/cve/cve-2011-2936"
 }
 ]
 }
diff --git a/2011/3xxx/CVE-2011-3370.json b/2011/3xxx/CVE-2011-3370.json
index fefbab922ae..b6cd4567ff3 100644
--- a/2011/3xxx/CVE-2011-3370.json
+++ b/2011/3xxx/CVE-2011-3370.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2011-3370",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "statusnet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "statusnet",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 0.9.9 and 1.0.0beta2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "statusnet before 0.9.9 has XSS"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "unspecified"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "DEBIAN",
+ "name": "Debian",
+ "url": "https://security-tracker.debian.org/tracker/CVE-2011-3370"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "Red Hat",
+ "url": "https://access.redhat.com/security/cve/cve-2011-3370"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/oss-sec/2011/q3/488",
+ "url": "https://seclists.org/oss-sec/2011/q3/488"
 }
 ]
 }
diff --git a/2011/5xxx/CVE-2011-5271.json b/2011/5xxx/CVE-2011-5271.json
index 61fab3d832a..4a518c84131 100644
--- a/2011/5xxx/CVE-2011-5271.json
+++ b/2011/5xxx/CVE-2011-5271.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2011-5271",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
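Review bot: The description added for CVE-2011-3370, `"statusnet before 0.9.9 has XSS"`, does not agree with the `version_value` added in this file's first hunk, `"before 0.9.9 and 1.0.0beta2"`. A reader cannot tell from the record whether the 1.0.0 pre-release line is affected or where it was fixed, which is exactly what someone checking an installed 1.0.0 beta needs to know. The two fields should state the same range, with the pre-release bound written unambiguously, for instance `before 0.9.9 and 1.0.x before 1.0.0beta2` if that is what the referenced oss-sec thread says.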
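Review bot: `vendor_name`, `product_name` and `version_value` are all `"n/a"` in the CVE-2011-5271 `affects` block, although the description added in the file's next hunk names both the product and the fixed version (Pacemaker before 1.1.6). Inventory or scanner matching that relies on the structured `affects` data rather than the free text will miss the record. The same holds for CVE-2014-7143 (Python Twisted 14.0), CVE-2018-18819 (MiCollab and MiVoice Business Express), CVE-2019-18658 (Helm 2.x before 2.15.2) and CVE-2019-18817 (Istio 1.3.x before 1.3.5) in this commit. Where the description already carries the data I would mirror it, e.g. `"product_name": "Pacemaker"` and `"version_value": "before 1.1.6"`.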
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Pacemaker before 1.1.6 configure script creates temporary files insecurely"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2011-5271",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2011-5271"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/02/11/1",
+ "url": "http://www.openwall.com/lists/oss-security/2014/02/11/1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91120",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91120"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/65472",
+ "url": "http://www.securityfocus.com/bid/65472"
 }
 ]
 }
diff --git a/2014/3xxx/CVE-2014-3599.json b/2014/3xxx/CVE-2014-3599.json
index f157edb16ae..2194ef37641 100644
--- a/2014/3xxx/CVE-2014-3599.json
+++ b/2014/3xxx/CVE-2014-3599.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2014-3599",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HornetQ REST",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HornetQ REST",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Fixed In Version: 2.5.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
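Review bot: In the CVE-2014-3599 `affects` block, `"version_value": "Fixed In Version: 2.5.0"` puts a fix note into the field that is meant to hold the affected range, so the record never states which HornetQ REST releases are vulnerable; the description added in the file's next hunk carries no version either. The wording looks as if it was carried over from a bug-tracker field, though that is a guess from the text alone. If 2.5.0 is the first fixed release, `"version_value": "before 2.5.0"` would express it in the same form the other records in this commit use.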
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XXE due to insecure configuration of RestEasy"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3599",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3599"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2014-3599",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/cve-2014-3599"
 }
 ]
 }
diff --git a/2014/7xxx/CVE-2014-7143.json b/2014/7xxx/CVE-2014-7143.json
index 1dde915e3ca..75d2b07dccb 100644
--- a/2014/7xxx/CVE-2014-7143.json
+++ b/2014/7xxx/CVE-2014-7143.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-7143",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Python Twisted 14.0 trustRoot is not respected in HTTP client"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2014-7143",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2014-7143"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7143",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7143"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2014/09/22/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2014/09/22/2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96135",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96135"
 }
 ]
 }
diff --git a/2018/18xxx/CVE-2018-18819.json b/2018/18xxx/CVE-2018-18819.json
index bd3c192c4ee..e996e1a7346 100644
--- a/2018/18xxx/CVE-2018-18819.json
+++ b/2018/18xxx/CVE-2018-18819.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-18819",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mitel.com/support/security-advisories",
+ "refsource": "MISC",
+ "name": "https://www.mitel.com/support/security-advisories"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0012",
+ "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0012"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18658.json b/2019/18xxx/CVE-2019-18658.json
new file mode 100644
index 00000000000..d6c80a509e4
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18658.json
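Review bot: The CVE-2018-18819 description gives the same build number, 8.0.2.202, for two differently named releases: MiCollab `8.0 SP2 FP2 (8.0.2.202)` and MiVoice Business Express `8.0 SP2 FP1 (8.0.2.202)`. Either one of the two is a transcription slip or the products genuinely share a build, and the text does not say which. Because the upper bound of the range is what an operator compares an installed version against, it should be checked against the Mitel advisory 18-0012 referenced in this hunk before the record is relied on.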
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18658",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://helm.sh/blog/2019-10-30-helm-symlink-security-notice/",
+ "refsource": "MISC",
+ "name": "https://helm.sh/blog/2019-10-30-helm-symlink-security-notice/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18817.json b/2019/18xxx/CVE-2019-18817.json
new file mode 100644
index 00000000000..7e1cfb65da9
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18817.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18817",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://istio.io/news/2019/announcing-1.3.5/",
+ "refsource": "MISC",
+ "name": "https://istio.io/news/2019/announcing-1.3.5/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/istio/istio/issues/18229",
+ "url": "https://github.com/istio/istio/issues/18229"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/9xxx/CVE-2019-9900.json b/2019/9xxx/CVE-2019-9900.json
index c5c5cfb9e44..236cb5b5fc6 100644
--- a/2019/9xxx/CVE-2019-9900.json
+++ b/2019/9xxx/CVE-2019-9900.json
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://groups.google.com/forum/#!topic/envoy-announce/VoHfnDqZiAM",
 "url": "https://groups.google.com/forum/#!topic/envoy-announce/VoHfnDqZiAM"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32h",
+ "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32h"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9901.json b/2019/9xxx/CVE-2019-9901.json
index 30256915d90..df957110c58 100644
--- a/2019/9xxx/CVE-2019-9901.json
+++ b/2019/9xxx/CVE-2019-9901.json
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://groups.google.com/forum/#!topic/envoy-announce/VoHfnDqZiAM",
 "url": "https://groups.google.com/forum/#!topic/envoy-announce/VoHfnDqZiAM"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcx5-93pw-jw2w",
+ "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcx5-93pw-jw2w"
 }
 ]
 },